GET THE FREE NATIONAL CYBER SECURITY APP FOR YOUR PHONE AND TABLET
On August 28, the United States admitted to carrying out an airstrike, widely reported to have come from a drone, which killed an ISIS hacker by the name of Junaid Hussain. He was killed in Syria four days earlier on August 24. This strike represents the latest escalation in the United States’ evolving response to cyber attacks.
Hussain was primarily engaged in online recruitment and propaganda. He is also alleged to have participated in the hack of the CENTCOM website and Twitter TWTR +0.00%account, as well as posting personal information online about U.S. military personnel and making threats against them.
Though CENTCOM has described Hussain as “very dangerous” and as having “significant technical skills,” other officials have said that was not the case. These officials note that information Hussain posted online about U.S. military personnel was not the result of hacking, but instead, of aggregating openly available information from the Internet. That is, Hussain engaged in what is called “doxing” in the hacker world.
I agree with those officials casting doubt on Hussain’s status as a skilled hacker. Online propaganda, recruiting, and aggregating otherwise freely available information are not hacking. Breaking into a social media account that seems to have been poorly protectedhardly qualifies one for elite hacker status.
In short, this hyped victory over an ISIS “hacker” could well be another data point to add to what we are learning about potential bias in CENTCOM intelligence assessments, which critics claim are being altered to paint a more optimistic picture of U.S. effectiveness in the fight against ISIS.
But the strike is also important because it represents a foreseeable escalation in cyber conflict when we allow hyperbolic rhetoric and threat inflation to go unchecked. Theconflation of very different types of cyber conflict, from online activism, to crime, to critical infrastructure attacks under the terms “cyber attack,” “cyber terrorism,” or “cyber war,” invites conflict escalation. If we describe such threats in the same terms, then it is more tempting to respond to them in the same ways, even though not all of them may warrant the same level of response.